Commission to take action on data retention

The European Commission wants to force five member states to enact controversial rules on the retention of telecommunications data.

Cecilia Malmström, the European commissioner for home affairs, today (18 April) announced that the Commission is to begin infringement proceedings against member states that have failed to transpose the EU’s data retention directive of 2006 into national law.

In addition to Sweden, against which an infringement procedure has already been launched, this concerns Austria, the Czech Republic, Germany and Romania.

Austria might be able to avoid legal action if it swiftly adopts a law on data retention that has already been proposed. The Czech Republic, Germany and Romania, where constitutional courts have annulled domestic laws on the subject, are all studying how to transpose the directive.

Sabine Leutheusser-Schnarrenberger, Germany’s justice minister, told German media at the weekend that it would be “nonsensical” if the Commission insisted on the transposition of a directive that was about to be amended. The issue has created tensions in Germany's coalition government, with Leutheusser-Schnarrenberger and other liberals doubting the need for the data retention directive, and the centre-right CDU/CSU supporting the mechanism.

Malmström said that all EU member states had to be treated equally and stressed that it was the member states, not the Commission, that pressed for the directive in the wake of terrorist bombings in Madrid and London in 2004 and 2005.

Malmström conceded that the directive was in “need of improvement” but stressed that data retention was “crucial in solving crimes”.

She said that she might propose amendments to the directive before the end of the year, including a more harmonised definition of what constitutes “serious crime”.

According to a Commission evaluation presented today, there are huge disparities in the way that member states use the EU obligation on telecommunications providers to retain location and traffic data on emails and telephone calls. In 2009, law enforcement authorities in Cyprus requested the use of data retained by telecoms providers in 40 cases while in Poland the figure exceeded one million. The Polish figure might be out by a factor of four since identical requests to the country’s four main service providers are counted separately, but it is still disproportionately high, according to a Commission official.

There is also disparity among the member states on the duration of data retention, from six months to two years - the minimum and maximum allowed by the directive.